The NPM package braces, in versions prior to 3.0.3, does not limit the number of input characters it will process, which can lead to memory exhaustion. In lib/parse.js, if a malicious user sends imbalanced braces as input, the parser enters a loop that keeps allocating heap memory without freeing any of it during the loop. Eventually the JavaScript heap limit is reached and the program crashes.
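The durable fix is to upgrade braces to 3.0.3 or later. As an added example (not code from the braces project), the guard below is the kind of defense-in-depth check a caller can put in front of any brace expander when untrusted patterns arrive: it rejects oversized input and input whose braces are imbalanced before the parser sees it. The 10000-character limit is an assumed default, `checkBracePattern` and `safeExpand` are hypothetical names, and the `expand` callback stands in for whatever expansion function the application uses so the snippet runs offline.

```javascript
// Added example; not part of the braces package. Pre-validates a brace
// pattern so that hostile input cannot reach a parser that would loop and
// allocate without bound. MAX_PATTERN_LENGTH is an assumed default.
const MAX_PATTERN_LENGTH = 10000;

// Returns { ok: true, depth } for acceptable input, or { ok: false, reason }.
// Backslash-escaped braces are treated as literals, matching shell convention.
function checkBracePattern(pattern, maxLength = MAX_PATTERN_LENGTH) {
  if (typeof pattern !== 'string') {
    return { ok: false, reason: 'pattern must be a string' };
  }
  if (pattern.length > maxLength) {
    return { ok: false, reason: `pattern length ${pattern.length} exceeds limit ${maxLength}` };
  }
  let depth = 0;     // current nesting level
  let maxDepth = 0;  // deepest nesting seen, reported for logging/metrics
  let escaped = false;
  for (let i = 0; i < pattern.length; i++) {
    const ch = pattern[i];
    if (escaped) { escaped = false; continue; }
    if (ch === '\\') { escaped = true; continue; }
    if (ch === '{') {
      depth++;
      if (depth > maxDepth) maxDepth = depth;
    } else if (ch === '}') {
      // A closing brace with nothing open is the imbalanced case the advisory describes.
      if (depth === 0) return { ok: false, reason: `unexpected '}' at index ${i}` };
      depth--;
    }
  }
  if (depth !== 0) return { ok: false, reason: `${depth} unclosed '{'` };
  return { ok: true, depth: maxDepth };
}

// Wraps an expansion function so that rejected patterns never reach it.
// `expand` is whatever expander the application uses (hypothetical here).
function safeExpand(pattern, expand, options = {}) {
  const verdict = checkBracePattern(pattern, options.maxLength);
  if (!verdict.ok) {
    throw new RangeError(`rejected brace pattern: ${verdict.reason}`);
  }
  return expand(pattern, options);
}
```

In a service, a `RangeError` from `safeExpand` is worth logging with the rejection reason and the caller identity; a burst of length or imbalance rejections from one source is a useful detection signal for attempted resource exhaustion.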
The product has a loop body or loop condition that contains a control element that directly or indirectly consumes platform resources, e.g. messaging, sessions, locks, or file descriptors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
HawtIO 4.0.0 for Red Hat build of Apache Camel 4 | RedHat | braces | * |
Multicluster engine for Kubernetes 2.4 for RHEL 8 | RedHat | multicluster-engine/console-mce-rhel8:v2.4.5-25 | * |
Multicluster engine for Kubernetes 2.4 for RHEL 8 | RedHat | multicluster-engine/multicluster-engine-console-mce-rhel8:v2.4.5-25 | * |
Multicluster engine for Kubernetes 2.5 for RHEL 9 | RedHat | multicluster-engine/console-mce-rhel9:v2.5.5-1 | * |
Multicluster engine for Kubernetes 2.5 for RHEL 9 | RedHat | multicluster-engine/multicluster-engine-console-mce-rhel9:v2.5.5-1 | * |
Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9 | RedHat | rhacm2/console-rhel9:v2.10.4-13 | * |
Red Hat Advanced Cluster Management for Kubernetes 2.9 for RHEL 8 | RedHat | rhacm2/console-rhel8:v2.9.4-22 | * |
Red Hat JBoss Enterprise Application Platform 7 | RedHat | braces | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | RedHat | eap7-hal-console-0:3.3.24-1.Final_redhat_00001.1.el8eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | RedHat | eap7-hibernate-validator-0:6.0.23-2.SP1_redhat_00001.1.el8eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | RedHat | eap7-insights-java-client-0:1.1.3-1.redhat_00001.1.el8eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | RedHat | eap7-ironjacamar-0:1.5.18-1.Final_redhat_00001.1.el8eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | RedHat | eap7-jboss-cert-helper-0:1.1.3-1.redhat_00001.1.el8eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | RedHat | eap7-jboss-ejb-client-0:4.0.55-1.Final_redhat_00001.1.el8eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | RedHat | eap7-jboss-server-migration-0:1.10.0-39.Final_redhat_00039.1.el8eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | RedHat | eap7-jbossws-cxf-0:5.4.12-1.Final_redhat_00001.1.el8eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | RedHat | eap7-jsoup-0:1.15.4-1.redhat_00003.1.el8eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | RedHat | eap7-undertow-jastow-0:2.0.15-1.Final_redhat_00001.1.el8eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | RedHat | eap7-wildfly-0:7.4.19-1.GA_redhat_00002.1.el8eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | RedHat | eap7-xalan-j2-0:2.7.1-37.redhat_00015.1.el8eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | RedHat | eap7-hal-console-0:3.3.24-1.Final_redhat_00001.1.el9eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | RedHat | eap7-hibernate-validator-0:6.0.23-2.SP1_redhat_00001.1.el9eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | RedHat | eap7-insights-java-client-0:1.1.3-1.redhat_00001.1.el9eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | RedHat | eap7-ironjacamar-0:1.5.18-1.Final_redhat_00001.1.el9eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | RedHat | eap7-jboss-cert-helper-0:1.1.3-1.redhat_00001.1.el9eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | RedHat | eap7-jboss-ejb-client-0:4.0.55-1.Final_redhat_00001.1.el9eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | RedHat | eap7-jboss-server-migration-0:1.10.0-39.Final_redhat_00039.1.el9eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | RedHat | eap7-jbossws-cxf-0:5.4.12-1.Final_redhat_00001.1.el9eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | RedHat | eap7-jsoup-0:1.15.4-1.redhat_00003.1.el9eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | RedHat | eap7-undertow-jastow-0:2.0.15-1.Final_redhat_00001.1.el9eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | RedHat | eap7-wildfly-0:7.4.19-1.GA_redhat_00002.1.el9eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | RedHat | eap7-xalan-j2-0:2.7.1-37.redhat_00015.1.el9eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | RedHat | eap7-hal-console-0:3.3.24-1.Final_redhat_00001.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | RedHat | eap7-hibernate-validator-0:6.0.23-2.SP1_redhat_00001.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | RedHat | eap7-insights-java-client-0:1.1.3-1.redhat_00001.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | RedHat | eap7-ironjacamar-0:1.5.18-1.Final_redhat_00001.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | RedHat | eap7-jboss-cert-helper-0:1.1.3-1.redhat_00001.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | RedHat | eap7-jboss-ejb-client-0:4.0.55-1.Final_redhat_00001.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | RedHat | eap7-jboss-server-migration-0:1.10.0-39.Final_redhat_00039.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | RedHat | eap7-jbossws-cxf-0:5.4.12-1.Final_redhat_00001.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | RedHat | eap7-jsoup-0:1.15.4-1.redhat_00003.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | RedHat | eap7-undertow-jastow-0:2.0.15-1.Final_redhat_00001.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | RedHat | eap7-wildfly-0:7.4.19-1.GA_redhat_00002.1.el7eap | * |
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | RedHat | eap7-xalan-j2-0:2.7.1-37.redhat_00015.1.el7eap | * |
Red Hat Migration Toolkit for Containers 1.8 | RedHat | rhmtc/openshift-migration-ui-rhel8:v1.8.4-10 | * |
Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | RedHat | openshift-service-mesh/grafana-rhel8:2.6.1-6 | * |
Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | RedHat | openshift-service-mesh/istio-cni-rhel8:2.6.1-7 | * |
Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | RedHat | openshift-service-mesh/istio-must-gather-rhel8:2.6.1-4 | * |
Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | RedHat | openshift-service-mesh/istio-rhel8-operator:2.6.1-9 | * |
Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | RedHat | openshift-service-mesh/kiali-ossmc-rhel8:1.89.0-2 | * |
Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | RedHat | openshift-service-mesh/kiali-rhel8:1.89.1-3 | * |
Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | RedHat | openshift-service-mesh/kiali-rhel8-operator:1.89.1-1 | * |
Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | RedHat | openshift-service-mesh/pilot-rhel8:2.6.1-7 | * |
Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | RedHat | openshift-service-mesh/ratelimit-rhel8:2.6.1-6 | * |
Red Hat OpenShift Service Mesh 2.6 for RHEL 9 | RedHat | openshift-service-mesh/proxyv2-rhel9:2.6.1-4 | * |
Node-braces | Ubuntu | mantic | * |
This issue can make the product perform more slowly. If an attacker can influence the number of iterations in the loop, then this performance problem might allow a denial of service by consuming more platform resources than intended.